ISPconfig 3 - Mirror System / Two Server Setup !?!

I've been running ISPconfig 3 "Single Server System" on a Ubuntu Server 12.04.2 for some time now.. But now I would like to get some security and efficiency, therefore I have invested in a new RACK system with 2 identical servers which I would like to use as ISPconfig Servers, 1 "primary" and 1 as a "backup server" - so that if one server fails, another takes over, but....
I've been reading in the manual about: "3.3 Mirror Setup" and "3.3.1.1 Setting Up The Two Base Systems"... This made me wonder how to do this the right way.
Regarding "The Mirror Setup" we are told:"...In a mirror setup, ISPConfig will copy just the configuration (web site configuration, email configuration, etc.) from
the master to the mirror (i.e., not any web site contents, etc.).."
What is the advantage of this? Isn't suppose to be able to "take over" if a server/the primary server fails? If not, then how do I setup a system that does this? You are talking about rsync/GlusterFS but if I don't know these programs and how to set it up, then what do I do? Is this the right thing to do?:3.3.1 Installing A Web, Email And MySQL Database Cluster On
Debian 6.0 With ISPConfig 3
If, do you have a tutorial for Ubuntu Server 12.04.2 ??? I know that Ubuntu is based on Debian but still, there usually is a tutotial for Ubuntu systems

What about the IP numbers? I know we will just create another static IP address for the second server, but how will "the second server" "take over" when the WAN/Fixed IP is pointed at the primary server's local IP address.
For the time being I am only using one WAN/Fixed IP-address for my system, but because I changed from a private to a business Internet solution I know it's possibel to get some more public IP addresses - But these I have to apply for, so this is something that will take some time. If it is possibel to do it with the one public IP I have it would be great.
I do have something the ISP call's for "LAN IP-number" 2 extra addresses to use, which points at the WAN !?!?!? Example: My WAN/fixed IP is: 66.160.133.14 - The "LAN-adresses" is: 66.160.134.101-66.160.134.102 (66.160.134.100/34)
I'm not that great when it comes to handling multiple IPnumbers in the same system/the same router. Not when its regarding IPnumbers on the public side.... Please help me..

I recommend to use undison for the filesystem sync as its described in the mirror guide of the manual and not glusterfs. Glusterfs gets really slwo when you have a lot of small files like it is common for web servers. We had a old setup that used glusterfs but the performance was bad so the new guide that is part of the current manual uses unison.

What is the advantage of this?

Click to expand...

It enables you to run all kind or mirror setups like hot standby systems or loadbalancing.

Isn't suppose to be able to "take over" if a server/the primary server fails?

Click to expand...

No, there is specific software for IP switching in hot standby setups which you can use together with ispconfig like haproxy.

If, do you have a tutorial for Ubuntu Server 12.04.2 ??? I know that Ubuntu is based on Debian but still, there usually is a tutotial for Ubuntu systems

Click to expand...

The cluster guide exists only for Debian 6, but the ubuntu setup should be quite similar. Just the mysql configuration has changes in mysql 5.5 as far as I know.

1) Thats ok, the servers have to use local IP addresses if they are behind a NAT router. If your server is behind a router anyway, then a good way to make the failover switching is to change just the IP in the router were the services are forwarded to from server 1 to server 2.

1.
Yes, I'm behind a router/NAT and using DMZ for the "ISPconfig 3 Single Server System" I've been using uptil now.

But this restricts me to use only 1 server and if I'm setting up the new system "ISPconfig 3 Two Server System" I'll guess I have to use more than one. My router is a D-Link DIR-655 and it has this function - Could I use this do you think?:

Virtual Server
The Virtual Server option allows you to define a single public port on your router for redirection to an internal LAN IP Address and Private LAN port if required. This feature is useful for hosting online services such as FTP or Web Servers.

2.
Then you are talking about "...make the failover switching is to change just the IP in the router were the services are forwarded to from server 1 to server 2.."

I'm not quite sure here.. "FailOver" function I have noticed in a "3G Router" which I'm using another place but not in the D-Link Router which I'm using here in the office.

Isn't the "Two Server System" suppose to "make the switch" themsleves if one server fails? Or, is it something that will have to be setup in the router?

Perhaps it's me totally misunderstanding what you mean and I'm sorry for that - but please "take baby-steps" regarding this problem

But this restricts me to use only 1 server and if I'm setting up the new system "ISPconfig 3 Two Server System" I'll guess I have to use more than one. My router is a D-Link DIR-655 and it has this function - Could I use this do you think?:

Click to expand...

The servers use internal IP addresses, if you use a 255 subnet then you have plenty of internal addresses. In case of a failure,you just change the forwarding in your router from the first server to the second one.

I'm not quite sure here.. "FailOver" function I have noticed in a "3G Router" which I'm using another place but not in the D-Link Router which I'm using here in the office.

Click to expand...

Thats something different. A failover in a 3g router means that it can use a second uplink over a different media to connect to the internet.

Isn't the "Two Server System" suppose to "make the switch" themsleves if one server fails?

Click to expand...

No, that not the way the setup works. The purpose of the setup is to mirror the configuration and data of servers in a way that you can use them as hot standby systems or as load balanced systems.

If you switch the IP by binding a virtual IP to the network cards or switch it n your router or use a load balancer is up to you, its all possibl with that setup.

1.
To setup the "Two Server System" I'll have to follow step 1-8 in the debian tutorial, but in the ubuntu tutorial "The Perfect Server....." there's another step which I'll guess needs to be done as well - "Step 10 Disable AppArmor". Do I do this as well?

2.Quote:
Isn't the "Two Server System" suppose to "make the switch" themsleves if one server fails?

No, that not the way the setup works. The purpose of the setup is to mirror the configuration and data of servers in a way that you can use them as hot standby systems or as load balanced systems.
If you switch the IP by binding a virtual IP to the network cards or switch it n your router or use a load balancer is up to you, its all possibl with that setup.

"Binding a virtual IP to the network cards...", "Use a load balancer..." Please define this. Which is the better way? To Switch it in the router is pretty easy, but you'll have to be where the servers are to do it...

3.Quote:
But this restricts me to use only 1 server and if I'm setting up the new system "ISPconfig 3 Two Server System" I'll guess I have to use more than one. My router is a D-Link DIR-655 and it has this function - Could I use this do you think?:

The servers use internal IP addresses, if you use a 255 subnet then you have plenty of internal addresses. In case of a failure,you just change the forwarding in your router from the first server to the second one.

Sorry about this, it's just because I'm working on setting up a system that is able to handle more than 1 public/external IP - a class* of 8 or 16 IP's I hope to be awarded 16 IP's from my ISP. I'm just not sure about my router, if it is able to handle multiple public IP's... So, sorry about that question.

1) yes.
2) This is a wide field and nothing that can be explained in a post here. The solution to switch the IP in your router is most likely the easiest way for you. Running and configuring a load balancer setup or virtual IP switch setup is not that easy and more more a topic for advanced linux administrators, if its not done right then you might decrease reliability and not increase it as these are additional components which might fail.

If you want to try such a loadbalancer setup then you can e.g. take alook at this guide:

Sorry about this, it's just because I'm working on setting up a system that is able to handle more than 1 public/external IP - a class* of 8 or 16 IP's I hope to be awarded 16 IP's from my ISP. I'm just not sure about my router, if it is able to handle multiple public IP's... So, sorry about that question.

Click to expand...

Ok, no need to say sorry The best option might be to contact the support of the router vendor and ask them if your router can handle multiple IP addresses. If it can handle this, then you have to assign each external IP to a internal IP address. Your servers will use the internal IP's then.

And after you explained things about my question number 3, I suddenly remembered everything from 10 years back where I hosted clients myself on a mix of IIS servers and SUSE Linux NameServers.. So thank you for that. Now I now exactly what to do!!!

Thanks...

NB! I've got a HowToForge Subscription,,,,doesn't this give me the right to view the tutorial "ISPconfig3-Ubuntu-12.04......." as a PDF??? Just tried to "view as PDF" but was directed to the subscription site!?!

NB! I've got a HowToForge Subscription,,,,doesn't this give me the right to view the tutorial "ISPconfig3-Ubuntu-12.04......." as a PDF??? Just tried to "view as PDF" but was directed to the subscription site!?!

The link works, a PDF generated site appears... But it's in landscape !?! Is this the way you ment it to be?
And to view in PDF I don't have to do something out of the ordinary? Just hit "View in PDF" in the tutorial at the website, right?

Regarding "Two BASE System" / "Mirror Setup":

1. From the ISPconfig 3 manual, page 45, in the top...
---------------------------------------------------------------------------------------------------------------------------------------------------------------------Edit the sources.list file...

vi /etc/apt/sources.list

... and ensure that your /etc/apt/sources.list contains the squeeze-updates repository (this makes sure
you always get the newest updates for the ClamAV virus scanner - this project publishes releases very often, and
sometimes old versions stop working).

What about this? There will be places in the "Setup The Two Servers" guide that might have to be done in anothe way because I'm using Ubuntu Server 12.04.2 instead of debian..

2. Same site, next step:

It is a good idea to synchronize the system clock with an NTP (network time protocol) server over the Internet.
Simply run

apt-get -y install ntp ntpdate

But in the Ubuntu tutorial this step is done this way:

apt-get install ntp ntpdate

Can I follow the guide in the "ISPconfig 3 Manual" when I'm using Ubuntu 12.04.2 instead of Debian... I know I asked about this before, it's just that back the I didn't know about these issues!

3. Is there a chance for you to run the guide/in the manual through a make some note's here in this post about "Step's to do the Ubuntu Way" or Just point out the places in the "Mirror Setup"/"Two Base System" and then I can try to find the Ubuntu command's myself, in the "ThePerfectServer-ISPconfig3-Ubuntu12.04-Apache2-Dove-Bind....etc"

4. To setup the mirror system, "The Two Base System" - All steps from page 43 - 72 are to be followed, right?

5. Regarding your post earlier on, I just have to ask one more time to be safe. If I follow the "Two Base System" guide in the "ISPconfig 3 Manual" page 43 - 72, then it is this "Undison or Unison" that is used !?!? Like you recommended !?!?

"....I recommend to use undison for the filesystem sync as its described in the mirror guide of the manual and not glusterfs. Glusterfs gets really slwo when you have a lot of small files like it is common for web servers. We had a old setup that used glusterfs but the performance was bad so the new guide that is part of the current manual uses unison..."

OK! Didn't notice this the first time I read the guide So, plase disregard question "5"

".....In the following tutorial, Unison is used to share
contents between the master and the slave server..."

The link works, a PDF generated site appears... But it's in landscape !?! Is this the way you ment it to be?

Click to expand...

Yes. Thats intended as some of the longer commands wont fit otherwise.

1-5) Some package names may differ, but the overall setup should be the same. I havent set this up on Ubuntu yet so I acnt tell you in detail which steps differ. Basically you can install the "main" software like apache,postfix, mysql, pure-ftpd etc. as described in the ubuntu guide. From the mirror guide you have to follow the instructions for mysql replication, unison installation and the ispconfig installation part.

It's this I noticed: ".....contains the squeeze-updates repository..." ".....makes sure you always get the newest updates for the ClamAV virus scanner - this project publishes releases very often, and sometimes old versions stop working..."

Is it this I have to do when it's Ubuntu Server 12.04 or is it not a problem when it's Ubuntu!? :

STEP 8 Edit /etc/apt/sources.list And Update Your Linux Installation
Edit /etc/apt/sources.list. Comment out or remove the installation CD from the file and make sure that the universe and multiverse repositories are enabled. It should look like this:vi /etc/apt/sources.list

(SHORT VERSION)
How do I do this when I'm using Ubuntu Server 12.04.2 ?:

Edit the sources.list file...vi /etc/apt/sources.list
... and ensure that your /etc/apt/sources.list contains the squeeze-updates repository (this makes sure
you always get the newest updates for the ClamAV virus scanner - this project publishes releases very often, and
sometimes old versions stop working).

I'm just confused because it's allready done in STEP 7 in "ThePerfectServer-DebianSqueeze-BIND-Dovecot...etc" - exactly the same thing, I think!?!

2. Regarding STEP "VI /etc/hosts" in the guide:

In the "ThePerfectServer-ISPconfig3-Ubuntu12.04-etc..." tutorial, we were told to set it up like this:
127.0.0.1 localhost.localdomain localhost
192.168.0.100 server1.example.tld server1

In the guide/in debian it's set up like this:
127.0.0.1 localhost
192.168.0.105 server1.example.tld
192.168.0.106 server2.example.tld

So what about:
" .localdomain localhost"
" server1"

Do I need to change this? or is this ok?:
127.0.0.1 localhost.localdomain localhost
192.168.0.105 server1.example.tld server1
192.168.0.106 server2.example.tld server2

It's the extra field with localhost/server1/server2 + .localdomain . I guess it's because it's Ubuntu that it's done this way, or what say you Mr. Brehm

Again, I'm sorry for asking, but it's because I'm still a novice I'm asking, I don't know what might be important and what might not be !?!

3. Next "STEP" - Why do we have to setup the hostname again? We did it in STEP 1 - 8 (10 for Ubuntu) in the "ThePerfectServer-ISPconfig3-Ubuntu12.04-etc..." Is it just to be sure that the second server is setup with "server2......." ?!?

3) Just ensure that its set correctly. If you did it already, then you can skip it. The multiserver guides are often used on servers ith preconfigured operating systems which were not setup according to the first steps of the perfects etup guide, so I repaet the instructions to ensure that this step is not left out.

2. OK, so it's not needed here, the same way it was in "Single Server Setup"
127.0.0.1 localhost.localdomain localhost
192.168.0.105 server1.example.tld server1
192.168.0.106 server2.example.tld etc...

3. OK, that's what I expected And this is why your tutorials are so great

I log in on both servers using "administrator" and then the password. Then I "sudo su" and my password again, and this works for both servers. Same username and password!
I don't quite get it, because when I log on to e.g. "server 1" the way I described, the prompt shows "administrator@server1" and after "sudo su" it shows "root@server1" - The password I just used to "sudo su" is this not the root password? What's the solution?

* = "....and giving root a password. You can then directly log in as root, but this is frowned upon by the Ubuntu developers and community for various reasons. See http://ubuntuforums.org/showthread.php?t=765414.).."

I will try that! But, is this what we are warned about? "... giving root a password.." or is it just temp. like when you use "sudo" in general?
If it's permanent, how do I change it back? If it's not permanent, please disregard my stupid question.. I find the root/sudo/password issue with the Ubuntu system a little tricky

"....and giving root a password. You can then directly log in as root, but this is frowned upon by the Ubuntu developers and community for various reasons. See http://ubuntuforums.org/showthread.php?t=765414.).."

Question:
1. At page 46 in the manual, isn't the example suppose to be regarding ip 192.168.0.105 & 192.168.0.106 ??? I'm just asking because this is the first time I'm doing the "Two Server Setup" I'll guess it's just a little error in the sample?!?

From the manual - page 46:Next, we copy our public key to server2.example.tld:
ssh-copy-id -i $HOME/.ssh/id_dsa.pub root@192.168.0.106
root@server1:~# ssh-copy-id -i $HOME/.ssh/id_dsa.pub root@192.168.0.101
The authenticity of host '192.168.0.101 (192.168.0.101)' can't be established.
RSA key fingerprint is 25:d8:7a:ee:c2:4b:1d:92:a7:3d:16:26:95:56:62:4e.
Are you sure you want to continue connecting (yes/no)? <-- yes (you will see this
only if this is the first time you connect to server2)
Warning: Permanently added '192.168.0.101' (RSA) to the list of known hosts.root@192.168.0.101's password: <-- server2 root password
Now try logging into the machine, with "ssh 'root@192.168.0.101'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.

2. In the "Two Server Setup"/"Mirror Setup" Guide, in the ISPconfig3 Manual page 46 we have now reached the place where we are going to instal the software, just like in the "The Perfect Server - ISPconfig3 - Ubuntu 12.04...etc. etc." Single Server Setup. And as we discussed further up this post, I will now install "postfix, dovecot and mysql" with one single command, but! There's a difference between the to tutorials/guides. I know you told me to use the commands from the Ubuntu tutorial, but this means to additional commands - so please confirm this is ok. I have highlighted the to extra commands in red to show the difference between the to tutorials/guides

I will try that! But, is this what we are warned about? "... giving root a password.." or is it just temp. like when you use "sudo" in general?
If it's permanent, how do I change it back? If it's not permanent, please disregard my stupid question.. I find the root/sudo/password issue with the Ubuntu system a little tricky

Click to expand...

It is permanent. But this is ok as your system is protected by fail2ban so it can not be attacked with a brute force attack, just ensure that you use a long password with chars in upper / lower case, numbers and some special chars. Btw, the Ubuntu developers are the only ones which force to use sudo, the debian, centos and opensuse you can use the root account by default without having to enable it first. Most likely ubuntu does it because it is develped as a desktop Linux and not server and on desktops, user should not use root.

1. At page 46 in the manual, isn't the example suppose to be regarding ip 192.168.0.105 & 192.168.0.106 ??? I'm just asking because this is the first time I'm doing the "Two Server Setup" I'll guess it's just a little error in the sample?!?

Click to expand...

You have to use the IP addresses of your servers. The IP's in the guides are just examples.

1.:It is permanent. But this is ok as your system is protected by fail2ban so it can not be attacked with a brute force attack, just ensure that you use a long password with chars in upper / lower case, numbers and some special chars. Btw, the Ubuntu developers are the only ones which force to use sudo, the debian, centos and opensuse you can use the root account by default without having to enable it first. Most likely ubuntu does it because it is develped as a desktop Linux and not server and on desktops, user should not use root.

Ok, I see.. Thanks for the detailed explanation.. But never the less, would you please show me how to disable the root password again, make it like it was before we "sudo passwd root". I would be greatfull I think I will keep the root password and to be used in similar situations, but I like to know how to do things, so if you would, please let me know how to...

2.: (this is not important, I think)You have to use the IP addresses of your servers. The IP's in the guides are just examples.

Yes, I know that it's a sample... I use completely different IP'numbers in my LAN. What I ment was the IP-numbers in the example, weren't they suppose to be 192.168.1.105 and 192.168.1.106??? 192.168.1.101 suddely appears in the example as I highlighted in red...
If this is not a mistake, which server is 192.168.1.101 in the "Two Server Setup" on page 46, second para?

3.:thats ok.

Great, and as we discussed earlier on, this is the way to do it all the way through the guide. To follow the guide and then to use the ubuntu software installation guidelines from the tutorial "The Perfect Server-ISPconfig3-Ubuntu12.04-etc.etc...."

4a.:
From the Guide, page 44"...The following steps have to be executed on the master and on the slave server. If a specific step is only for the
master or slave, then I've added a note in the description in red..."

And this is the case whenever there's no note of "SERVER1" or "SERVER2", right?

4b.:
After running the command above, I got 2 not 3 questions to answer or fields to fill in:General type of configuration? <-- Internet site THIS ONE!Mail name? <-- server1.mydomain.tld THIS ONESSL certificate required <-- OkBUT NOT THIS ONE!

4c.:
And how much of STEP 12 in the Tutorial "ThePerfectServer-ISPconfig3-Ubuntu12.04-etc..." do I follow? http://www.howtoforge.com/perfect-server-ubuntu-12.04-lts-apache2-bind-dovecot-ispconfig-3-p4
Do I: "vi /etc/postfix/master.cf"
Do I: /etc/init.d/postfix restart
Do I: vi /etc/mysql/my.cnf
and follow all the steps here in the tutorial "ThePerfectServer-ISPconfig3-Ubuntu12.04-etc..." or do I jump right to the next step in the "Two Server Setup" Guide: vi /etc/mysql/my.cnf and go from there?
OK, I can see this will get more complicated than first expected. I'm having trouble finding the place where to go from the guide to the tutorial and vice versa..
If you tell me to follow the tutorial "ThePerfectServer-ISPconfig3-Ubuntu12.04-etc..." all the way down to: "/etc/init.d/mysql restart" then I think I still get it! Because it's the same issue, "....comment out the line bind-address = 127.0.0.1:.." and then my question "4b." is no longer an issue!

I have no problem adding this under the section [mysqld] - but "commenting out the conflicting" this I just don't get!?!? I can't find one single line containing anything like the line's we are adding!?!? sorry...

5a.: Is it OK or where's the "conflicting options"?
5b.: "master-password = slave_user_password" Do I enter the password here, in this file??? I guess not!
5c.: "master-host = 192.168.0.106" This is the IPnumber for the other server, right?

6.:
Whenever an installation take this long as when I'm doing it - there will be new updates available!! What do I do? Do I update and upgrade those 4-6 packages or do I finish the setup and update later on???

I'm really sorry, Mr. Brehm, for all these newbie questions

NB! I have a question regarding the monthly payment/subscription... Maybe this is not the right place to ask this? If not, please advise me where to do so.
Is it possibel to move the date where the payment is done/from the 21 till the last day in the month? or the first in the month, it doesn't matter which one??? We have a apecial account where the payment amounts are transferred every month and this is every last day in the month. I get warnings from PayPAL every 21. in the month and message "HowtoForge Subscription" will be notified, and then I can't use this great service for several days. Is there anyway you could correct this? I would really appreciate this

1) https://help.ubuntu.com/community/RootSudo
2) It might be a mistake in the example. Please use your IP addresses.
4a) Yes, install it on both servers.
4b) The queries might be different on your apt configuration and Linux distribution.
4c) you can follow the complete unbuntu tutorial and then add the additional steps for configurung mysql and unison.
5) This part of the guide might not work on ubuntu due to a newer mysql version, If I remember correctly I read that someone posted it here in the forums a few weeks ago, but I havent tested that. It might be nescessary that you search for a guide with instructions for mysql master/master replication for the mysql version that you have installed on your server if the instructions from debian guide dont work.
6) it is ok to install the updates later.

Is it possibel to move the date where the payment is done/from the 21 till the last day in the month? or the first in the month, it doesn't matter which one??? We have a apecial account where the payment amounts are transferred every month and this is every last day in the month. I get warnings from PayPAL every 21. in the month and message "HowtoForge Subscription" will be notified, and then I can't use this great service for several days. Is there anyway you could correct this? I would really appreciate this

Click to expand...

The subscription is done by paypal / rbs worldpay and start on the subscription day. We are not able to change that date as we do not handle the renewals. The only option that I see to change the date is that you cancel your current subscription and order a new one on the date were it shall start / renew.